Certain security features in the HS module (e.g., administrator password expiration and forced reset) are not compatible with the Secure Ad Hoc Transfer Module. If you are using the HS module and the SAT module with EFT Server, you should create a separate, non-PCI DSS Site that is used only for the Secure Ad Hoc Transfer module. Alternately, you can disable the features that are not compatible, but that would take the Site out of compliance with the PCI DSS.
Administrator password expiration and forced reset are features that help your Site remain in compliance with the PCI DSS; however, those same features can cause problems with the SAT module. If the administrator password expires or changes, the value stored in the SAT module's configuration file is no longer valid. Since the value stored in the configuration file is not plaintext, you cannot change it by typing the new password in the file.
The SAT module uses a temporary user account to upload files from the IIS computer to the temporary user's home directory on EFT Server. If the useProtocolForUpload value in the configuration file is set to anything other than -1 (file copy), the file cannot be uploaded to the temporary user account, because the password has not been reset on first logon, as required for PCI DSS compliance. When useProtocolForUpload is set to anything other than -1 (the default is 5), the force reset password feature should be disabled.
The "force users to reset their password on initial login" option can be enabled on a High Security Site, if the useProtocolForUpload setting in the configuration file is set to -1 (which means File Copy). Since this is not the default option, a Server administrator must edit the file. Also, setting useProtocolForUpload to -1 (File Copy) is only a viable option if both EFT Server and IIS are installed on the same computer or the EFTRootFolderUNCPath value in the configuration file, which is blank by default, specifies a remote path on which the IIS computer can access EFT Server root folder. The available settings for the useProtocolForUpload value are:
-1 = File copy
0 = FTP
1 = FTPS_IMPLICIT
2 = FTPS_EXPLICIT
3 = SFTP2
4 = HTTP
5 = HTTPS
6 = SOCKS4
7 = SOCKS5
8 = FTPS_AUTH_TLS
The recommended configuration is to create a non-PCI Site for exclusive use by the SAT module and disable the password expiration and forced reset options. As always, if you have any questions or concerns regarding installing and configuring EFT Server for use with any of the modules, contact GlobalSCAPE Technical Support.